As a regulatory requirement in virtually all jurisdictions that allow gaming, it is necessary to have a technique to authenticate that the software installed in a gaming machine is tested and approved. In the past, gaming manufacturers have generally used EPROM-based hardware platforms to store program code. As a result, a number of software authentication techniques have been accepted as standards throughout the gaming industry. Depending upon the preferences of the local regulatory agency, these techniques generally include either a Kobetron signature or a hash function based on the data stored in the EPROM device.
Authentication of software programs basically occurs using two different methods in the field, again determined by the local regulatory agency. In one method, each EPROM is authenticated by a gaming agent prior to being installed in a gaming machine that is to be brought up for play. The EPROMs may be shipped directly to the gaming agency for authentication prior to the install date of the machine, or may be authenticated on the casino floor as the software is being installed in the machine. In another method, authentication is conducted on a spot-check basis. A gaming agent periodically visits a casino and picks machines selectively or at random to remove the software components for authentication.
Jurisdictional requirements require that storage media containing code or data to be authenticated at power-up, continuously or at a periodic rate, or upon occurrence of events such as the opening of the main door of the gaming device. Such storage media may consist of erasable programmable read-only memory devices (EPROMs), CompactFlash storage cards, hard disc drives, CD drives, etc. Authentication of a storage media is performed by the gaming device's central processing unit (CPU). Typically, one or more hash values for all or part of the data located on the media has been generated. This hash value is usually generated using authentication algorithms such as SHA-1 or MD5. The hash is then encrypted using an algorithm such as the digital signature algorithm (DSA) to form a signature that is usually stored on the media. Additionally, to provide even more security, some or all of the data on the media may be encrypted either prior to the generation of the signature or after the generation of the signature using methods such as private key bulk encryption which includes algorithms such as the data encryption standard (DES), Triple-DES (3DES), or the advanced encryption standard (AES). In order to authenticate the data stored on the media, the CPU must decrypt any encrypted data and must regenerate the hash values and compare them to the stored values. Authentication by the CPU may take several minutes due to increasing complexity of the gaming device's software and thus the storage size of the media. Thus, some system and/or method for speeding up the authentication process would be greatly beneficial.